News Feature | July 25, 2014

HIPAA Doesn't Cover All Personal Health Data

By Katie Wike, contributing writer

Government IT News For VARs — December 17, 2014

Some personal health information is not covered under HIPAA regulations, but one study says this unregulated data can be just as sensitive.

According to The California Healthcare Foundation’s new report, unregulated personal health data can be just as sensitive as data protected by HIPAA regulations. “Every day, in the course of using cell phones, credit cards, search engines, websites, and medical devices, we leave digital ‘footprints.’ Aggregated and analyzed, these data flows, which occur with and without our knowledge, have the potential to paint a detailed health profile of individuals, as well as to describe whole communities based on location, health conditions, or other factors,” writes the report’s author, health economist and consultant Jane Sarasohn-Kahn.

“Most people are unaware that they are leaving their personal data behind and that some of this information is not protected by HIPAA. Data brokers are able to build dossiers on individuals to sell to marketers, while consumers lack recourse to obtain or correct their information.”

MobiHealth News explains that data from wearable devices such as FitBit, or from check-ins on FourSquare at fast food restaurants, is not protected under HIPAA. The regulations also don’t cover health scores, which work like credit scores for a patient’s health.

“Different types of information — such as historical claims data and consumer-generated data — can be combined and used for statistical modeling for health or financial risk-profiling. Such information is purchased by hedge funds, hospitals, large provider networks, payers, pharmaceutical companies, and others,” writes Sarasohn-Kahn.

“Even when given an opportunity, most consumers are not vigilant about protecting their data; many are willing to share data to further their own health or to serve public health goals.” This is evident in the fact that 94 percent of patients are willing to share personal health information to help their doctors improve care.

“It has become clear that existing laws and policy frameworks have not kept pace with the technology,” Sarasohn-Kahn writes. “Furthermore, there is no over-arching national law that addresses citizens’ privacy. Instead, user-generated data and health information relate to a patchwork of laws and regulations for which responsibility falls into many federal agencies, along with individual state regulations for specific health and privacy issues.”